Authority management of the system management is very important work; and a series of authorization and authentication measures are adopted by various management interfaces and management tools to avoid login of illegal users. At present, Simple Network Management Protocol (SNMP) which has three versions as follows: V1, V2c and V3, has become a widely applied network management protocol;
the version V1 and the version V2c are not defined well in terms of security; the version V3 has enhanced the definition of security, such as user management and data encryption, but the security defined by the version V3 is not very perfect since the situation that an unauthorized user logs on may occur in the user password encryption part in the User-Based Security Model (USM) which is defined by the version V3.
The USM is defined in RFC2574 of the SNMP V3 version; wherein a method for encrypting the password of the SNMP user by using encryption algorithm Message-Digest Algorithm 5 (MD5) or encryption algorithm Secure Hash Algorithm (SHA) is defined. The method has a problem that different original passwords may be the same after encryption; that is to say, an illegal user can use the password different from the password of the authorized user to log on the SNMP server which is configured to realize RFC2574.
That is because the way for encrypting the SNMP user password in the RFC2574 is to expand the original password of the user; and the expand method is to repeat the original password for several times until the length of 1048576 bytes is reached. For example, if the original password is ‘ab’, the total length of the password can reach to 1048576 bytes after the ab is repeated for 1048576/2-1 times; and then the encrypted password is obtained after the password in the length of 1048576 bytes is subjected to the series of MD5 or SHA encryption process. The condition that two different original passwords may become same after being expanded to the length of 1048576 bytes is existed in such method, so the security cannot be guaranteed no matter how to encrypt subsequently. For another example, the original password ‘aaaa’ of the user A and another original password a after being expanded both form 1048576 a, so no matter the encryption is processed by using either MD5 or SHA, the encrypted results are necessarily same as long as the encrypted data are same. Consequently, if an illegal user AA who knows the user name of the user A at this moment and tries to use the password a to log on through SNMP client, may passes through the verification and uses the unauthorized password to access in the system illegally through the SNMP management interface as the SNMP server side verifies the user strictly according to the user password encryption method of the RFC2574.
Generally speaking, users consider that the longer the password is, the safer it is, so most SNMP servers only make a limitation that the password configured by a user must reach to certain length or the password mixed with letters and digits is used so as to enhance the security. Such vulnerability exists in the USM defined by the SNMP V3 in the RFC2574. As a result, an illegal user may use short byte string as a password to log on the SNMP server if the password although long and complex is composed by repeating one shorter byte string for twice or more.